Appearance

Turbo Scan Release Notes

This page contains information about the new features, improvements, known issues, and bug fixes in Turbo Scan releases.

26.1.12

The January 2026 update to Turbo Scan includes the following improvements:

  • Scan analysis canonicalization now allows DLL-only clusters, reducing false negatives
  • REJECTED CVEs are now excluded, reducing false positives
  • Adjusted product normalization rules that were causing false negatives for curl (e.g., haxx or The curl library, https://curl.se/)
  • Adjusted version normalization rules to better parse complex version strings
  • Improved database indexing for NVD CPE criteria that do not exactly match the official NVD CPE dictionary
  • New 2026-01-15 CVE database update

25.9.87

The September 2025 update to Turbo Scan includes the following improvements:

  • Added file clustering service that groups file components into canonical products before CVE matching, reducing false positives where individual files within an installation have different versions than the overall product version
  • PE files are now classified as File type instead of Application/Library for better semantic accuracy
  • Added SHA-256 hash computation for file components (Hashes property)
  • Added certificate thumbprint extraction from digital signatures (turbo:signature[filename]:thumbprint custom property)
  • Updated CVE database snapshot as of 2025-09-26

This update includes fixes for the following issues:

  • Java version processing not correctly parsing legacy formats (e.g., 1.8.0 u401) and treating updates as exact versions instead of version ranges
  • Version range merging bug that incorrectly combined disjoint version ranges, causing false positives
  • Redistributable detection did not consider virtual folders (ex. @programfiles@)

25.8 (preview)

The August 2025 preview update to Turbo Scan includes the following significant architectural improvements and enhanced vulnerability detection capabilities:

  • Standardized data format to CycloneDX for improved interoperability
  • Moved inventory scan to the Turbo Client scan command
  • Improved publisher matching by collecting additional registry and PE file resource data, PE file digital certificates, configuration files, and license documents
  • Implemented multiple matching strategies (fuzzy, partial, alias, exact) that contribute to match confidence levels
  • Enhanced evidence collection and reporting with additional file metadata and properties
  • Added system metadata collection including OS details, hardware inventory, and scan tool version information
  • Improved CPE platform matching and added NVD CPE Applicability Language (CPE-AL) support
  • Enhanced detection for reference assemblies and common redistributables
  • Improved search performance
  • Updated CVE database as of August 21, 2025

Turbo.net © 2025